Symantec Discovery Finds That Phishers Are Creating YouTube Channels to Document Their Attacks

Symantec recently discovered a phishing site for Amazon.com, which didn't seem out of the norm, at first. However, when taking a closer look at the HTML source code, an interesting comment from the attacker was uncovered. The "brag tag," found details that consisted of the name of the scam, "Scama Amazon 2016,” along with the attacker's name, website, and even a YouTube channel.

Upon investigating Code nour, the phisher's YouTube channel, it was found that it has only five subscribers, and most of the videos have fewer than 100 views at the time of writing. While not many people subscribe to the channel or watch the videos, the few that do are keen and enthusiastic. The videos on the channel show walkthroughs of the phisher's convincing-looking phishing kits.

Code nour isn't the only phisher with a YouTube presence. This kind of activity is normally expected to take place on secretive underground forums, so it's surprising that phishers are so brazenly, and publicly publishing this material on YouTube.

This completely open trade in phishing knowledge and tools shows the scale of today's phishing problem. With more and more aspects of our lives being managed online, we expect phishing to increase.

How Do I Know if it’s a Phishing Scam?

Phishers often masquerade as legitimate, well known companies in order to trick you into divulging sensitive information. These scams may use email as a platform to try to request personal information and direct users to malicious websites where malware can be hiding. These tricksters tend to use real company logos, and use what is called a spoofed email address, which is an email address that looks like it is coming from the legitimate company’s address. However, the address may be misspelled slightly or come from a spoofed domain.

These fraudulent emails come in many forms, which can look like a help desk support ticket, a message from your bank, or someone soliciting money via a 419 scam. In these emails, phishers tend to use some kind of urgent call to action. You may get a notice that an account is being shut down and you need to log in “immediately” in order to avoid that from happening. They may also request personal information in order to verify your identity. It is important to remember to NEVER click on the links in the suspicious emails, no matter how legitimate the link may appear. It is always best to visit the website in question by manually typing the address in your browser’s URL bar. For extra security, be sure to look for the verified HTTPS at the beginning of the URL in the task bar.

Stay Safe Against Phishing Attacks:

To protect against phishing attacks, we suggest the following best practices:

Use two-factor authentication (2FA) when possible. 2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password.

Do not click on links in messages from unknown senders. And be especially selective about what you download to your computer- if you’re not expecting the email, definitely do not download any attachments.

Keep software and security patches up to date. By regularly performing these updates, you are actually patching vulnerabilities, or “holes” that malware can sneak through.

Never give out any personal information via email, social media platforms, text messages or instant messages.

Use Norton Security to provide anti-spam protection and proactively protect from other security risks.

About the Author

I began my career in the computer hardware industry as an Apple Genius, which allowed me to gain a vast knowledge of consumer technology and issues. At Norton, I am able to integrate my passion for technology and my passion for helping educate consumers about the evolving Internet threat landscape.